Stefan:
Why is -Dlog4j2.formatMsgNoLookups=true out of date? This is a mitigation not a remediation. Log4J2 version 2.17 didn't exist three days ago.
-Dlog4j2.formatMsgNoLookups=true works to mitigate the issues until Developement can build a new release of software with Log4J 2.17.0.
------------------------------
Best regards,
Martin Graney
Queues Enforth Development, Inc.
Woburn, MA 01801
------------------------------
Original Message:
Sent: Mon December 20, 2021 04:19 PM
From: Carlton Doe
Subject: Technote on Log4j vulnerability in Informix
Development is looking at this and we'll publish an official response as soon as we can.
Thanks
------------------------------
Carlton Doe
Original Message:
Sent: Mon December 20, 2021 02:03 AM
From: Stefan Wilfling
Subject: Technote on Log4j vulnerability in Informix
Hi!
Be careful, because the solution (-Dlog4j2.formatMsgNoLookups=true) is out of date.
Look at: https://logging.apache.org/log4j/2.x/: Without updating to log4j 2.17.0, it doesn´t help in all cases.
------------------------------
Kind Regards
Stefan
Original Message:
Sent: Fri December 17, 2021 11:58 AM
From: Carlton Doe
Subject: Technote on Log4j vulnerability in Informix
An official TechNote is now available on this issue. The full Security Bulletin will be published (with the same information) through the PSIRT channels shortly.
Tech Note: Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix workaround
Basically it affects the latest IHQ versions. Workaround is very simple to implement.
Thank you to Informix Development for working on this.
------------------------------
Carlton Doe
------------------------------
#Informix